Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PunBB口令重置弱随机数绕过安全限制漏洞
Vulnerability Description
PunBB是一款基于PHP的论坛程序。 PunBB的口令重置功能实现上存在漏洞,远程攻击者可能利用此漏洞在特定条件重置用户的口令。 如果用户忘记了口令的话,可使用PunBB的口令重置功能重置。在请求口令重置后,论坛会向用户发送一封邮件,包含有一个新的随机口令以及激活链接,用户必须点击这个链接才能使口令更改生效。 PunBB的口令重置功能使用mt_rand()生成新口令和激活链接,但在初始化马特赛特旋转演算法随机数生成器时使用了0到1,000,000之间的随机数,具体取决于当前的微秒,也就是只有100万个可
CVSS Information
N/A
Vulnerability Type
N/A